from the free-wifi dept

A few years ago, we wrote about why, for many years, whenever you were in a public place like an airport or a hotel, you'd often see an available WiFi option called Free Public WiFi -- though if you looked carefully, it was an ad hoc (computer-to-computer) network, rather than to a WiFi access point. It turns out that it was because of a stupid bug in Windows XP, which also explains why it's a lot less common these days. Of course, some people always would joke that it was really spy agencies trying to get you to connect to their WiFi. Except, that might not be that much of a joke. The latest reporting on Snowden documents from Glenn Greenwald, in association with some reporters from the CBC, reveals that the Canadian equivalent of the NSA, the Communications Security Establishment Canada (CSEC) has been tracking people as they connect to WiFi networks in a variety of public places including airports, hotels, coffee shops and libraries. The main focus appears to be on airports, but then they use that data to create a map of information about where someone goes.

“I can’t comment in detail on the intelligence operations or capabilities of ourselves or our allies. What I can tell you is that CSEC, under its legislation, cannot target Canadians anywhere in the world or anyone in Canada, including visitors to Canada.”

And yet, as this report shows, they absolutely are collecting tons of data on Canadians and visitors to Canada. And not just a few. The document shows that in a test that "swept a modest size city," they collected information on over 300,000 people. Also, they can then use that information to track where a person goes, creating profiles over time. The document reveals that they're just testing this capability (which was created in coordination with the NSA), but it indicates the plan is for all of the "Five Eyes" countries to use a similar system -- though the reporters say they've been told the system is now fully operational, and not just in test mode.

It's not clear from the document exactly how the CSEC is able to get this data. The CBC report questions a few potential sources, such as key airports and Boingo (the company that supplies WiFi to many public hotspots) and both deny providing the information. The Boingo denial seems reasonable, since in the presentation it actually indicates that they have trouble getting information on users on Boingo's network.

The reporters spoke to multiple experts who all say that there's no possible way that this effort is legal under Canadian law. After all, as Foster himself stated above, the CSEC cannot target anyone on Canadian soil, but they clearly do. The article even quotes Ontario's privacy commissioner Ann Cavoukian who seems horrified by this revelation:

Ontario's privacy commissioner Ann Cavoukian says she is "blown away" by the revelations.

"It is really unbelievable that CSEC would engage in that kind of surveillance of Canadians. Of us.

"I mean that could have been me at the airport walking around… This resembles the activities of a totalitarian state, not a free and open society."

For all the wonders of free WiFi, there's one more downside to keep in mind. If you're using it, you're almost certainly being tracked by a spy agency.

from the an-accidental-XP-virus dept

If you travel a fair bit, as I do, you've noticed at almost every airport that there's an "ad hoc" (i.e., computer-to-computer rather than computer-to-WiFi) option called "Free Public WiFi." It seems to be everywhere. I've never connected to it, because I know enough not to connect to an ad hoc offering, but I was always amazed at the fact that I see it in pretty much every airport I've been to. I had wondered if it was a honeypot scam for a while, but I couldn't believe that scammers would be able to set up such honeypots in so many airports worldwide and no one would catch them and take it down. So how could there be such "Free Public WiFi" (which obviously was not what it claimed to be) in so many places?

The answer? Well, it's all Microsoft's fault.

Apparently, there was a bit of a bug (one of many...) in Windows XP in terms of how it handles certain situations, and it effectively created a "virus" in that unwitting travelers around the globe are all broadcasting "Free Public WiFi" from their computers without realizing it, after they tried to connect to such a network:

When a computer running an older version of XP can't find any of its "favorite" wireless networks, it will automatically create an ad hoc network with the same name as the last one it connected to -- in this case, "Free Public WiFi." Other computers within range of that new ad hoc network can see it, luring other users to connect. And who can resist the word "free?"

Not a lot of people, judging from the spread of Free Public WiFi. Computers with the XP bug that try to connect to the Internet will remember the name, create their own ad hoc networks and entice other users wherever they go.

And so it continues to spread. No one's quite sure where it started, but somewhere way back when, someone set up such an ad hoc network in an airport (perhaps as a joke or a honeypot), and it got picked up by others... and then it just continued spreading. Eventually, it should die out as Windows XP machines finally go extinct, but for now, enjoy (but don't bother connecting) the "Free Public WiFi" found in so many airports...